Privacy Policy

Last updated: June 10, 2026

Privacy is the reason Luminari Doc exists, so this policy is written to be read. It names every company that touches your data, where it lives, and for how long.

1. Who is responsible

The Service is operated by Slim Labbane Dit Kalti, sole proprietor ("we"). Contact for all privacy matters: hello@luminaridoc.com.

For the business documents you upload, you (or your company) remain the data controller and we act as a processor on your instructions. A Data Processing Agreement is available on request.

2. What we collect

• Documents you upload — processed solely to generate your analysis.
• Account & contact data — name, email address, and the analysis type you select.
• Billing data — handled entirely by Paddle, our merchant of record. We never see your card details.
• Basic technical logs — IP address and timestamps, kept for security.

3. How your documents are processed — and by whom

Every processor we use, in full:

• Hetzner Online GmbH (Germany) — hosting. Your document is received and stored on a server in Falkenstein, Germany, for the duration of processing.
• Mistral AI (France) — AI analysis. Document text is sent to Mistral's API on EU servers. Mistral does not use API data to train its models.
• Brevo (France) — email delivery. Your finished analysis is sent to your email address via Brevo.
• mailbox.org / Heinlein Hosting GmbH (Germany) — our business mailbox. If you reply to us by email, your message is hosted in Germany.
• Paddle (UK) — payments, as merchant of record.

No US company processes your documents at any step.

4. What we never do

• We never use your documents to train AI models, and neither does our AI provider.
• We never sell or share your data with advertisers or data brokers.
• We never transfer your documents outside the EU/EEA (and UK, for billing data only).

5. Retention and deletion

• Uploaded documents: deleted automatically within 24 hours of processing.
• Generated analyses: retained for 30 days so we can resend or fix a failed delivery, then deleted. Deleted earlier on request.
• Contact and billing records: kept as long as legally required for accounting, then deleted.

6. Legal bases (GDPR)

We process data to perform our contract with you (Art. 6(1)(b) GDPR), to comply with legal obligations (Art. 6(1)(c)), and for our legitimate interest in securing the Service (Art. 6(1)(f)).

7. Your rights

You may request access, correction, deletion, restriction, or portability of your personal data, and object to processing, by emailing hello@luminaridoc.com. We respond within 30 days. You may also lodge a complaint with your local data protection authority.

8. Security

All transfers are encrypted in transit (TLS). Documents are stored with unguessable identifiers, processed in isolation, and removed on schedule. Access to production systems is limited to the Operator.

9. Cookies

The website sets no advertising or analytics cookies. Only functional cookies strictly necessary for checkout (Paddle) are used.

10. Changes

Material changes to this policy will be announced on this page and, for customers, by email at least 14 days in advance.